http://www.wired.com/threatlevel/2013/07/ipmi/
Capsule summary: watch out!
--Steve Bellovin, https://www.cs.columbia.edu/~smb
On Tue, Jul 2, 2013 at 10:51 AM, Steven Bellovin <smb@cs.columbia.edu> wrote:
> http://www.wired.com/threatlevel/2013/07/ipmi/
> Capsule summary: watch out!
> --Steve Bellovin, https://www.cs.columbia.edu/~smb
Dan Farmer wrote a really nice paper on this subject, complete with bibliography, references, and a tad more content. :) http://fish2.com/ipmi/itrain.html
On 2013-07-02 16:51, Steven Bellovin wrote:
> http://www.wired.com/threatlevel/2013/07/ipmi/
> Capsule summary: watch out!
Indeed! But it should be logical, as IPMI is supposed to be for OOB access, right? :)
Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated Linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public.
Greets, Jeroen
From: Jeroen Massar [mailto:jeroen@massar.ch]
> On 2013-07-02 16:51, Steven Bellovin wrote:
>> http://www.wired.com/threatlevel/2013/07/ipmi/
>> Capsule summary: watch out!
> Indeed! But it should be logical, as IPMI is supposed to be for OOB access, right? :)
> Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated Linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public.
That same reasoning has worked wonders at keeping SCADA systems off the public internet too.
Jamie
On 2013-07-02 17:54, Jamie Bowden wrote:
> From: Jeroen Massar [mailto:jeroen@massar.ch]
>> On 2013-07-02 16:51, Steven Bellovin wrote:
>>> http://www.wired.com/threatlevel/2013/07/ipmi/
>>> Capsule summary: watch out!
>> Indeed! But it should be logical, as IPMI is supposed to be for OOB access, right? :)
>> Anybody not putting them behind a properly restricted firewall and/or VLAN is asking for issues... typical IPMI boxes run outdated Linux kernels, with nice olddated userspace and a whole lot of tools that one can not really restrict access to, thus it is quite silly to have that access open to the public.
> That same reasoning has worked wonders at keeping SCADA systems off the public internet too.
People problems cannot be resolved with code.
Greets, Jeroen
On Tue, 02 Jul 2013 17:58:16 +0200, Jeroen Massar said:
> On 2013-07-02 17:54, Jamie Bowden wrote:
>> That same reasoning has worked wonders at keeping SCADA systems off the public internet too.
> People problems cannot be resolved with code.
Would a Linux cluebat driver count? :)
participants (5)
- Dave Lindner
- Jamie Bowden
- Jeroen Massar
- Steven Bellovin
- Valdis.Kletnieks@vt.edu